Ubuntu EC2 secure SSH server

README.md

Create new user

sudo useradd -m -s /bin/bash alice
sudo passwd alice
sudo usermod -aG sudo alice

Copy authorized users to new user

su - alice
sudo cp -r /home/ubuntu/.ssh .ssh
sudo chown -R alice:alice .ssh

Delete default user

sudo deluser --remove-home ubuntu

Disable ssh root login

sudo vim /etc/ssh/sshd_config
sudo sshd -t
sudo service ssh reload

PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
PermitEmptyPasswords no

Disable root account

sudo passwd -l root

Install fail2ban

sudo apt update
sudo apt install fail2ban -y
sudo vim /etc/fail2ban/jail.conf
sudo service fail2ban restart
sudo service fail2ban status

ignoreip = 127.0.0.1/8 ::1

[sshd]
enabled = true

Add 2fa

https://gist.github.com/miguelmota/9b12335f508481a6cdd642444b3b9b1c